DocuSign Reaches Another Milestone in Global Expansion with BCR Approval

It is an exciting day for DocuSign’s 300,000 customers and our hundreds of millions of users across the globe, as we announce the approval of our applications for Binding Corporate Rules (BCRs) as both a data controller and a data processor.

Grounded in the European Union’s (EU’s) stringent standards for data privacy, BCRs are widely considered the ‘gold standard’ for legal transfers of personal data outside the EU.

Achieving BCR approval is extremely important in the EU, where the General Data Protection Regulation (GDPR) compliance deadline in May is fast approaching and promises to give greater protection and rights to EU citizens while holding organizations accountable for protecting personal data.

The BCR approval process is rigorous and requires a strong commitment to data privacy and protection. It typically takes more than two years to complete and requires significant investments of time and resources to draft, implement and maintain. Only the most privacy-committed organisations have their BCR applications approved and DocuSign is proud to now be among them.

The Customer Benefit of BCRs

DocuSign’s top priority is the privacy and security of our customers’ documents. That’s why we endeavor to meet or exceed rigorous national and international security standards, as indicated by our current ISO 27001 certification. And given that trust is the foundation of any successful transactions, BCR approval further demonstrates DocuSign’s strong commitment to data protection and to our robust internal data protection practices.

DocuSign’s approved BCRs will serve as a legally valid transfer mechanism and commit DocuSign to implementing the highest standards for protecting the personal data of both its customers and its employees in accordance with EU data protection standards anywhere in the world that DocuSign operates. As DocuSign implements these BCRs, enterprise and multinational organisations, as well as customers of all sizes concerned about privacy will be able to transact business with increased confidence knowing that they are complying with GDPR data transfer requirements when using DocuSign.

Customers can leverage DocuSign’s approved BCRs as evidence of their own compliance with applicable EU data transfer laws, as well as demonstrate to their customers and partners that they use a vendor that adheres to the gold standard for international data transfers.

A Global Commitment

Given our commitment to business across the EU, we selected the Irish Data Protection Commissioner as the lead data protection authority for our BCR applications.